Ubuntu Security Notice USN-3377-1

Ubuntu Security Notice 3377-1 - Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK size. A local attacker could use this in conjunction with another vulnerability to possibly execute arbitrary code. Various other issues were also addressed.

Fan Wu and Shixiong Zhao discovered a race condition between inotify eventsand vfs rename operations in the Linux kernel. An unprivileged localattacker could use this to cause a denial of service (system crash) orexecute arbitrary code. (CVE-2017-7533)

It was discovered that the Linux kernel did not properly restrictRLIMIT_STACK size. A local attacker could use this in conjunction withanother vulnerability to possibly execute arbitrary code.(CVE-2017-1000365)

=E6=9D=8E=E5=BC=BA discovered that the Virtio GPU driver in the Linux kernel did notproperly free memory in some situations. A local attacker could use this tocause a denial of service (memory consumption). (CVE-2017-10810)

=E7=9F=B3=E7=A3=8A discovered that the RxRPC Kerberos 5 ticket handling code in theLinux kernel did not properly verify metadata. A remote attacker could usethis to cause a denial of service (system crash) or possibly executearbitrary code. (CVE-2017-7482)

Update instructions:

The problem can be corrected by updating your system to the followingpackage versions:

After a standard system update you need to reboot your computer to makeall the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.